Business units and individual users have good reason to select their own cloud services and other tools

InfoWorld|May 31, 2013

You've heard the stories: Divisions of a company build their own business systems to automate their processes, or they embrace utilities such as storage to solve their own problems outside of the prying eyes of central IT. This is not only a trend, but an all-out push driven largely by the use of cloud computing.

Although IT may push back, the issue is larger than governance. Indeed, these systems are being built or purchased for a legitimate business need. If IT were able to fill that need, there would be no reason to find the solutions elsewhere. When IT can't address business demands, it shouldn't get in the way of those who can.

By 2015, according to the research firm Gartner in its 2012 predictions, 35 percent of IT expenditures for most organizations will be managed outside of the IT department's budget. The reason is simple: Those running the business require rapid access to infrastructure, applications, and data to innovate and compete.

CEOs are caught in the middle. On the one hand, IT complains about workers who go outside the system to find solutions, thus undermining central IT. Conversely, the business units claim cloud-based platforms free of IT control are necessary for productivity or innovation, which process and control should not trump. IT argues that security is compromised, and ultimately these systems will be their problem. All of them are right.

There is a reasonable compromise: Although IT should keep some control over the use of cloud-based platforms, employees should be empowered to turn to whatever technology they need to solve the problems at hand. Although this may seem like a Wild West approach, it's not. It's reasonable to impose basic controls over user-provisioned technology, such as an obligation to inform IT of the adoption of this technology or a selection of accepted cloud providers with prenegotiated deals.

IT might view this compromise as giving up on corporate IT governance, but the alternative is the inability to expand the business because of IT delays. The only way for IT to maintain full control is to fix its own issues and quickly reduce the application backlogs, so users have no reason to act on their own. Fat chance that will occur anytime soon. Until then, CEOs should validate shadow IT.